If you, like many Australians, are a victim of the recent data leak, here are some practical steps to help stay secure and minimise risk. Be aware that because the situation is developing, some information may change.
Don’t click on any links in emails or SMS
If your email address and phone number get into the hands of scammers, expect an increase in phishing attempts. This is where someone sends messages claiming to be from a reputable organisation, only to redirect you to a site where they can capture more of your sensitive information. Scammers have recently targeted LinkedIn users via this method. Sophisticated phishing attempts look almost identical to emails and websites from genuine companies, so it’s best to be safe and avoid clicking on any links.
For example, if you believe your bank or telco recommends you change a password, don’t click on any links sent to you. Even if it’s the real deal, it’s not worth the risk. Instead of clicking on a link, open a web browser and type the correct URL manually. This way, you know you’re visiting a legitimate website and can access your information securely.
Change your passwords and use a password manager for extra security
Although Optus claims no passwords have been compromised, it’s always a good idea to change your password after a data leak. Create a difficult-to-guess password with a mix of lowercase and uppercase letters, numbers and symbols. Also, ensure you aren’t using the same password for multiple accounts (banking, social media, etc.); otherwise, everything is at risk when one password gets out. If you do use the same password in multiple places, change all of them to be unique.
An easy way to manage this is to use a dedicated password program to generate and store secure passwords. There are multiple options available, many of which are relatively affordable, ranging from free for individual use to a few dollars a month for families. 1Password and LastPass are popular choices, as they include browser extensions and mobile apps to access passwords wherever you need them. It’s generally not recommended to use the password storage tools built into a browser (like Chrome or Firefox), as these are not as secure as dedicated password software.
Another option for Apple users is to enable iCloud Keychain. It’s a free password manager that creates and stores passwords across Apple devices, which makes it helpful if you use an iPhone and a Mac.
Also, enable two-factor authentication whenever you can. When enabled, it means that, in addition to a password, you need to input a limited-time code generated by a separate app or provide another form of verification.
For anyone who provides proof their licence details were compromised, several jurisdictions – including Victoria, Queensland, South Australia, and New South Wales – are providing free replacements. How to do this differs between states, however. Currently, NSW residents need to pay the $29 replacement fee up-front and then apply for Optus to reimburse the cost. Given that details are rapidly changing, visit the website of your state or territory’s government services to get the most up-to-date information.
If you’re worried about any banking details, contact your financial institution to re-issue any cards and receive advice on further steps you can take. Many banking apps let you “lock” your cards in the event they are lost or stolen.
Additionally, Optus is offering impacted customers a free 12-month subscription to Equifax Protect, a service that helps monitor your credit history and mitigate the risk of identity theft. For further support, IDCARE, Australia and New Zealand’s national identity and cyber support service, is also assisting those affected.
Educate yourself on the risks of a data breach
Above all else, research what happens to stolen data and how breaches occur in the first place. Hackers looking to make money may try to sell personal information via the dark web, which may lead to identity theft and to other people spending your money.
Arming yourself with knowledge means you’ll know what to do in the event of a data breach and be able to identify the scams that follow.